Optima APIFTP Server Vulnerabilities
November 28, 2011
Security researcher Luigi Auriemma has publicly disclosed
two vulnerabilities in Optima PLC, which can be exploited by
malicious people to cause a DoS (Denial of Service).
1) An error within the handling of certain packets in the
APIFTP Server (APIFTPServer.exe) can be exploited to
repeatedly trigger a NULL pointer dereference leading to a
stack overflow by sending specially crafted packets to port
10260/TCP.
2) An error within the handling of certain packets in the
APIFTP Server (APIFTPServer.exe) can be exploited to cause
an infinite loop by sending specially crafted packets to
port 10260/TCP.
Platforms Affected:
- Optima APIFTP Server 1.5.2.13
- Optima APIFTP Server 1.6.1.110
- Optima PLC 2.13.3.5
Other versions may be affected.